ICO Plan 2015-2018 


‘A clear course for 
changing times’ 
ICO plan 2015-18 


Version 12 
16 March 2015 
The Information Commissioner's Office (ICO) is the UK’s independent authority supervising the legislation that 


upholds the rights of citizens and consumers in respect of information, whether safeguarding their personal 
information under the Data Protection Act or accessing official information under the Freedom of Information Act. 


Information Commissioner’s Office 


ICO plan 2015-2018 


Introduction 


A clear course for changing times 


It's my privilege to introduce the ICO's three year corporate plan. 


The plan is a conscious continuation of our current strategy. We are holding our course, while responding to the 
emerging challenges. The refreshed plan has been elaborated by ICO teams, drawing on their experience of 
responding to developments in the information rights sphere. In the final stages, our thinking has benefited from 
comments by stakeholders in a public consultation. 
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The ICO's Better Regulation approach is set out in the strategic outcomes our activities are designed to secure. 
And our corporate objectives remain unchanged - starting with education and guidance for organisations and 
individuals; equipping and empowering individual citizens to claim their rights, whether it is under the Data 
Protection Act and the Privacy and Electronic Communications Regulations, or the Freedom of Information Act and 
the Environmental Information Regulations; using the picture that emerges from individual complaints and 
concerns to drive improvements by data controllers and public authorities - and, where that good practice 
approach is insufficient, deploying our enforcement powers effectively to secure compliance; emphasising the 
possibilities as much as the prohibitions involved in information rights, with a helpful perspective to contribute with 
each development of technology or approach; and, above all, making sure that we are able to continue to play our 
full part by working efficiently and flexibly. 


While the ICO's approach to the business of regulating information rights remains unchanged, the business we are 
charged with regulating is anything but static. Over the next three years, we shall almost certainly have to adapt 
to a new data protection framework, replacing the 20-year-old Directive. A new General Regulation will apply 
uniformly across the EU. We expect progress to be made on the final form of the legislation this year - and that 
means implementation during the life of this corporate plan. At the same time, growing concerns about both 
privacy and security make information rights a key area of policy - and the business of reconciling sometimes 
conflicting imperatives an inescapable challenge. And the developments in technology that are making possible 
ever newer and better products and services in turn present further privacy and security risks. 


Similarly, Open Data and Big Data offer both opportunities and threats. Opportunities for the more effective and 
efficient delivery of services to citizens and consumers; threats to privacy if we do not succeed in managing the 
new services properly. And transparency and freedom of information are both a help and a hindrance to public 
bodies - a spur to efficiency, but often a thorn in the side to authority. The ICO has to find the right balance of the 
public interest - between openness to the outside and necessary frankness inside organisations. If we get the 
balance wrong there are plenty of politicians who would like to amend the law in a more restrictive direction. 
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We are setting out a clear course for changing times. But, as any helmsman knows, holding your course in 
turbulent waters involves judicious tacking to take advantage of the available winds and currents. 


The ICO has been undergoing a process of Triennial Review by the Ministry of Justice and the Cabinet Office. In 
the next few weeks we will know how we did. It's a mark of the significance of the work of the ICO that a record 
number of stakeholders took part in the review process, responding to the Ministry of Justice's call for comments. 
We're not afraid of challenge or change. 


We stand by to engage positively with whatever administration emerges from the upcoming General Election. 
Early decisions will be needed on the best way of funding the ICO in the future. We will also need to make 
progress on reforming pay and benefits at the ICO to bring the office in line with similar regulatory bodies in the 
North-West where most of our staff are based. 


The process of identifying the next Information Commissioner will also need to be put in place without delay if 
there is to be a seamless handover in June next year. 


There is much for this Commissioner to do over the first half of the plan and I'm certainly not letting up. Our sails 


are set. Our course is clear. 


Christopher Graham 
Information Commissioner 
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Our goal, vision and mission 


Mission 


The ICO’s mission is to uphold information rights in the 
public interest, promoting openness by public bodies and 
data privacy for individuals. 


The ICO’s goal is to achieve a society in which: 


All organisations which collect and use personal information do so responsibly, securely and fairly. 


All public authorities are open and transparent, providing people with access to official information as a matter 
of course. 


People are aware of their information rights and are confident in using them. 


People understand how their personal information is used and are able to take steps to protect themselves 
from its misuse. 


Our vision 


To be recognised by our stakeholders as the authoritative 
arbiter of information rights, delivering high-quality, relevant 
and timely outcomes, responsive and outward-looking in our 
approach, and with committed and high-performing staff - a 
model of good regulation and a great place to work and 
develop. 
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Our strategic outcomes 


To fulfil our mission and vision and to achieve our goals we have identified the following ten strategic outcomes: 


1. A high proportion of individuals with a basic awareness of their information rights, coupled with ready access to 
information on how to exercise those rights. 


2. Development of people’s understanding of information rights and risks embedded as an output of the formal education 
system. 


3. Organisations routinely meeting their legal obligations in the way they respond to people exercising their rights. 


4. A high level of awareness in organisations of all their wider obligations under information rights law with those obligations 
routinely met in practice. 


5. Good information rights practice embedded into the culture and day-to-day processes of organisations and into emerging 
technologies and systems. 


6. Good information rights practice and the upholding of information rights being demonstrably driven by ICO’s casework 
and secured and underpinned by the use of ICO’s regulatory tools. 


7. Organisations and individuals aware of the ICO’s investigatory and enforcement powers and the consequences of failing to 
meet the requirements of information rights law. 


8. A legislative framework for information rights that is integrated and consistent, underpins good information rights 
practice, furthers the upholding of information rights and enables the ICO to be an effective regulator. 


9. The law, technology and public policy developed and deployed consistently with ICO’s goal, but without imposing 
disproportionate burdens on organisations. 


10.The public confident in information rights law as necessary, serving the public interest, effective in practice and properly 
enforced. 
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Our 2015-18 corporate objectives 


The achievement of the above strategic outcomes is directly supported by the following corporate objectives 
(below). The rest of the ICO Plan details how we aim to meet these corporate objectives. 


1. 


2. 


Organisations have a better understanding of their information rights obligations. 


Enforcement powers are used proportionately to ensure improved information rights compliance. 


. Customers receive a proportionate, fair and efficient response to their information rights concerns. 
. Individuals are empowered to use their information rights. 
. The ICO is alert and responsive to changes which impact on information rights. 


. An efficient ICO well prepared for the future. 
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1. Organisations better understand their information rights obligations 


No How we will achieve this Measures Due dates 
1.1 Running a well-regarded helpline that provides e Customer satisfaction |e Next survey 2015 
practical and helpful advice to organisations; using over 90% 
staff committed to good customer service and e Answer at least 95% e Quarterly reporting 
focussed on customer needs. of calls with an 
average wait of no 
more than 60s 
(Anticipating 200k- 
250k calls) 
1.2 Providing a timely and pragmatic written advice e 90% answered in 30 e Quarterly reporting 
service that provides workable solutions and steers days 
organisations to the website for future enquiries. 
1.3 Providing digital services that help organisations find | e Website customer April 2015 to March 
the information they need and which promote self- satisfaction 80% 2016 
education and online transactional services. e 100% increase in 
traffic to the website 
from social media 
e 12 webinars 
1.4 Broadening our communications channels to raise e Analyse stakeholder e Jun 2015 
greater awareness of information rights across a perception study and |e Jun 2016 
greater proportion of the UK and to reach more annual track survey 
deeply into niche professional markets. e Implement e Dec 2015 
recommendations e Dec 2016 


ICO plan 2015-2018 


No How we will achieve this Measures Due dates 
e 17,500 twitter e March 2016 
followers 
e ICO social media e March 2016 
impact; Klout score up 
10% on March 2015 
1.5 Developing and implementing media strategies for e Annual Track Survey e Ongoing to March 
organisations aimed at highlighting information 2017 
rights issues and publicising good practice. e Sector page visits up |e March 2016 
50% on March 2015 
1.6 Highlighting best practice and following up on e Annual Track survey e Ongoing through to 
improvement activity by sharing recommendations March 2017 
from our audit programme. e Surveys of those e Ongoing 
audited 
1.7 Promoting the benefits of the information rights e DP audit findings e Publication of 


concepts of privacy by design, data minimisation, 
privacy impact assessments and accountability. 


e Meeting objectives in 
Strategic Liaison plan 


outcomes when 
appropriate 
e Progress against plan 
reviewed 
Aug 2015 
Dec 2015 
Apr 2016 


1 Data Protection 
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No How we will achieve this Measures Due dates 
1.8 Considering how best to identify and act on e Meeting objectives in |e Progress against plan 
opportunities to work with other organisations to Strategic Liaison plan reviewed 
extend the reach of our guidance. Aug 2015 
Dec 2015 
Apr 2016 
1.9 Developing and promoting the privacy seal scheme e Bids to operate initial |e May 2015 
as a means of building the commitment of schemes evaluated 
organisations to good DP practice. e First scheme running e 2016 
e Meeting objectives in |e Progress against plan 
Strategic Liaison Plan reviewed 
Aug 2015 
Dec 2015 
Apr 2016 
1.10 | Publishing more information about complaint e Effective information e Ongoing 
outcomes to better inform organisations and capture/interpretation 
individuals as to what is being done to meet e Outcomes published 
common concerns. e Quarterly reports 
e Privacy issues alerts 
1.11 | Targeting areas of greatest information rights risk 


and focusing guidance and advice on these areas 


e Prioritising areas of highest information rights risk 
and implementing action plans to address these 
risks; including closer liaison with relevant 


organisations. 


? Priority Area Action Groups 
3 Information Rights Committee 


e Review priority areas 
e PAAG? reports 
e Fewer complaints in 


priority areas 


e Half yearly at IRC? 
e Half yearly at IRC 
e Ongoing 
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No How we will achieve this 


Measures 


Due dates 


e Developing new FOI/EIR* guidance following 
stakeholder consultation and significant Tribunal 

o a a 
ongoing activities and new initiatives which raise 
substantial information rights concerns. 


e Taking a coordinated approach to promoting 
proportionate DP compliance in the small and 
SME” sector; using a PAAG to identify and 
progress work aimed at building knowledge and 
competencies in the sector. 

e Raising awareness of information rights in 
Northern Ireland, Scotland and Wales in ways 
which recognise the particular local context. 


e Meeting objectives in 
Strategic Liaison plan 


e Stakeholder 
perception study 

e Meeting objectives in 
Strategic Liaison plan 


e SME PAAG report 
e Meeting objectives in 
Strategic Liaison plan 


e Meeting of objectives 
in the NI, Scotland 


and Wales plans 


Progress against plan 
reviewed 

Aug 2015 

Dec 2015 

Apr 2016 


Progress against plan 
reviewed 


Half yearly at IRC 
Progress against plan 
reviewed 


Progress reviewed 
quarterly 


4 Freedom of Information / Environmental Information Regulations 
> Small and Medium Sized Enterprises 
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No How we will achieve this Measures Due dates 
1.12 | Influencing and responding to legislative proposals e Mini project plans for |e Ongoing 
which extend or impact on information rights and specific proposals 
providing guidance to stakeholders on such changes. |e Responding to issues |e Ongoing 
on time 
e Meeting objectives in |e Progress against plan 
Strategic Liaison plan reviewed 
Aug 2015 
Dec 2015 
Apr 2016 
1.13 | Developing and promoting the use of DP self e Use of online tool Review usage Q3 
assessment as an aid to compliance. 2015/16 
1.14 | Developing new guidance on the Re-use of Public e Guidance published July 2015 
Sector Information Regulations. 
1.15 | Running a conference designed to acknowledge the e Conference held e March 2016 
work of and provide practical assistance to DP e Positive feedback from 
practitioners. participants 
1.16 | Developing a proposal to run an FOI practitioners e Consult on proposal September 2015 


conference. 
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2. Enforcement powers are used proportionately to ensure improved information rights compliance 


No How we will achieve this Measures Due dates 
2.1 Improving the compliance of organisations by e Develop an online 
issuing CMPs° for serious breaches of the DP Act and self-reported breach 
PECRs.’ tool 
e Effective tasking and 
coordination leading 
to enforcement 
e No of CMPs issued 
e Research on e June 2015 
effectiveness of CMPs 
e Arrangements for e Implemented by Sept 
implementation of 2015; dependent on 
revised criteria for the passage of 
CMPs in place necessary legislation 
2.2 Investigating and prosecuting those who commit e Initiatives with other | Quarterly reporting of 


criminal offences under the DP and FOI Acts, liaising 
with other investigative and prosecuting authorities 
as appropriate. 


regulators and 
prosecuting 
authorities 

e Prosecute and 
administer cautions 
where appropriate 

e No of convictions v 
prosecutions 


outcomes 


6 Civil Monetary Penalties 
7 Privacy and Electronic Communications Regulations 
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No How we will achieve this Measures Due dates 
2.3 Using other DP enforcement powers effectively 
e Using our enforcement notice power where there |e No of enforcement Half yearly progress 
is significant risk to information rights and this is notices issued report Oct 2015 
the most appropriate way of ensuring compliance. | e No of appeals and no 
E E eee E E a successful 
e Obtaining formal undertakings when e No of undertakings Half yearly progress 
improvements to information rights practices are obtained report Oct 2015 
required and this is the most appropriate way of |e Quarterly public 
ensuring compliance; ensuring required actions facing activity reports 
—. are undertaken, KñűñCñCñśOlaaaaaaaaaa 
e Encouraging organisations to sign up to e Targeted follow-ups Half yearly progress 
improvement plans which address information e Review effectiveness | report in Oct 2015 
rights compliance issues, backed by formal action of plans 
when needed. e 90% of recommen- 
dations actioned 
2.4 Improving compliance by issuing CMPs for serious e No of CMPs and Half yearly progress 


breaches of the PECR, in particular those relating to 
nuisance calls, SPAM texts and cookies, in a 
proportionate and effective way. 


enforcement notices 

e Report on compliance 
improvements 

e Fewer complaints to 
the Telephone 
Preference Service 
and the ICO about 
those we have taken 
action against 


report in Oct 2015 
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No How we will achieve this Measures Due dates 
2.5 Monitoring how quickly public authorities respond to |e Publication of Reviews at the end of 
FOI/EIR requests and addressing poor performance. quarterly reports each monitoring period 
e Annual report on the | and report at end Q4 
effectiveness of 2015/16 
monitoring 
2.6 Improving compliance with the FOI Act by taking e Issue enforcement Reviews at the end of 
enforcement action against those organisations that notices each monitoring period 
fail to improve after the monitoring period. e Publication of and report at end Q4 
quarterly reports 2015/16 
e Annual report on the 
effectiveness of 
monitoring 
2.7 Monitoring how quickly data controllers respond to e Introducing a End Q4 2015/16 
subject access requests; holding data controllers to monitoring process 
account and considering enforcement action where e Assessing the 
appropriate and proportionate. effectiveness of the 
monitoring process 
e Developing the code 
of practice 
2.8 Continue to make use of assessment notice powers Programme of health April 2015 
and plan for using new powers for non-consensual sector audits 
audits in the health sector. 
2.9 Undertake a programme of audits in relation to new | Programme of DRIPA April 2015 


responsibilities under the DRIPA® 


audits 


8 Data Retention and Investigative Powers Act 
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3. Customers receive a proportionate, fair and efficient response to their information rights concerns 


No How we will achieve this Measures Due dates 
3.1 Providing an efficient and timely DP complaints e To keep pace with e Quarterly report 
handling service that uses public concerns to identify intake; 90% of cases 
areas of improvement for organisations. closed in 6 months 
e Benchmark against e Quarterly report 
other regulators 
e Customer satisfaction |e Quarterly report 
survey 
3.2 Providing a FOI/EIR complaints handling service that |e To keep pace with Quarterly report 
makes proportionate and timely decisions. intake: 90% of cases 
closed in 6 months 
3.3 Providing a simple mechanism that enables the e Develop reporting tool |e By March 2016 
public to report their DP and PECR concerns without for DP concerns 
using third party software. e Redevelop PECR 
concern reporting tool |e By March 2016 
in-house 
3.4 Responding to appeals against our FOI decision e Cost per appeal e Monthly 
notices in a proportionate and efficient way. e No. & % of cases e Monthly 
resolved in-house 
e No. & % of cases e Monthly 
where counsel 
instructed 
e No. & % of oral e Monthly 


hearings attended 
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4. Individuals are empowered to use their information rights. 


No How we will achieve this Measures Due dates 
4.1 Promoting to the public how transparency initiatives, |e Annual track research | Ongoing 
proactive disclosure and publication schemes are e Press coverage 
useful in a democratic society. e “For the public” pages 
on the website 
e Facebook 
4.2 Working with organisations, including those e Communicating with e Progress against the 
concerned with children’s safety on the internet, to relevant organisations Strategic Liaison plan 
maximise the impact of guidance on how individuals via LinkedIn, reviewed 
can protect themselves against information rights webinars, speaking Aug 2015 
risks. engagements and Dec 2015 
meetings Apr 2016 
e No. and nature of 
complaints and 
enquiries 
4.3 To better understand public concerns about e Twelve meetings with |e Progress against plan 
information rights by working with civil society and such groups as in reviewed 
other groups, which are representative of those Strategic Liaison plan Aug 2015 
affected by information rights issues, and by using Dec 2015 
our own research. Apr 2016 
e Annual Track research |e Oct 2015 
4.4 Developing material for teachers and working within |e Follow up research e 2016 


the education system to embed information rights 
awareness in the curriculum. 
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No 


How we will achieve this 


Measures 


Due dates 


4.5 


Extending the ICO’s reach into all parts of the 
country and sections of society to achieve equality of 
access to information rights and our services. 


e Regional press 
coverage 

e Search engine ranking 

e Annual Track research 

e No of presentations 
about protected 
characteristics 

e No of advisory visits 
to hard to reach 
groups 

e No of people for whom 
we have made 
reasonable 
adjustments 

e No of stakeholders 
consulted with and 
provided guidance to 

e No of new 
communities or 
sections of the society 
reached 


Review annually in July 
2015, 2016 and 2017 
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No How we will achieve this Measures Due dates 

4.6 Running a well-regarded helpline that provides e Public customer e Next survey 2015 
practical and helpful advice to the public. satisfaction over 90% 

e Answer at least 95% e Quarterly reporting 
of calls with an 
average wait of no 
more than 60 seconds 
(Anticipating 200k- 
250k calls) 

4.7 Publishing more information about complaint and Improved website Half yearly progress 
concern outcomes to better inform individuals and content report Oct 2015 
organisations as to what is being done to meet 
common concerns. 

4.8 Providing the public with advice about new threats to | Practical and timely Within three days of the 
the security of their personal information (eg advice published on the threat emerging 
viruses) and steps they can take to protect ICO website. 
themselves. 

4.9 Reviewing the nature of the advice we provide for Support to Individuals Half yearly at IRC 


individuals and who it is directed at to ensure we are 
as effective as possible in helping to protect and 
empower both adults and children. 


PAAG report 
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5. The ICO is alert and responsive to changes which impact on information rights 


No How we will achieve this Measures Due dates 
5.1 Engaging with public policy initiatives across the e Relevant consultations |e In line with 
board to make sure they reflect and respect identified and consultation 
information rights. responded to timetables 
e Initiatives covered by |e Quarterly information 
Strategic Liaison and rights reports to IRC 
Policy Delivery plans and MB? and progress 
with objectives against plan reviewed 
established and met Aug 2015 
Dec 2015 
April 2016 
5.2 Engaging with transparency and Open Data e Meeting objectives set |e Progress against plan 


initiatives to ensure a balanced information rights 
perspective, and responding to specific legislative or 
good practice measures. 


in Strategic Liaison 
plan 


e Opportunities taken to 
influence and convey 
ICO views, with these 
views reflected in 
outputs from 
Transparency Boards, 
Open Data Institute 
and other bodies 


reviewed 
Aug 2015 
Dec 2015 
April 2016 

e Ongoing 


? Management Board 
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No How we will achieve this Measures Due dates 
5.3 Working with the new Government post May 2015 to |e Programme scrutinised |e July 2015 
ensure that information rights are considered as the with threats and 
legislative programme is developed and that the ICO opportunities identified 
and the legislation we oversee are seen as enablers 
of the digital economy. 
5.4 Liaising with, providing evidence for and reporting as |e Identify threats and e Specified deadlines 
necessary to the Westminster Parliament, the opportunities met 
Scottish Parliament and the devolved assemblies. e Evidence submitted e Ongoing 
e Meeting objectives in e Progress against plan 
Strategic Liaison plan reviewed 
Aug 2015 
Dec 2015 
Apr 2016 
5.5 Keeping alert, responding proportionately and using |e Engagement with the e In accordance with 


our powers and influence as appropriate to address 
the growth in surveillance and the need to reassess 
safeguards and oversight. 


Intelligence and 
Security Committee 
and other 
Parliamentary and 
related committees 
Meeting objectives in 
Strategic Liaison plan 


committee timetable 


and deadlines 


e Progress against plan 


reviewed 
Aug 2015 
Dec 2015 
Apr 2016 
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No How we will achieve this Measures Due dates 
5.6 Working with the Scottish Information Commissioner | Joint or jointly-badged Regular meetings 
to ensure a joined-up approach to information rights | guidance and conference 
issues so far as is consistent with the independence | presentations 
and functions of our respective offices. 
5.7 Using our influence to shape the international e Participation in As opportunities arise 
information rights landscape in a way that is international fora; eg 
consistent with the sensible delivery of the Art 29 WP, OECD, 
information rights outcomes that the ICO is seeking. WPSPDE and the 
International 
Conference of DP 
Commissioners 
e Instances where ICO 
intervention has made 
a positive difference 
5.8 Working with the MOJ?, Article 29 Working Party e Input into the Article e Ongoing 


and others to help shape the future European Union 
DP framework so that it delivers practical and 
enforceable rights for citizens and relevant and 
proportionate obligations for businesses and the 
regulator. 


29 Working Party 

e International Team’s 
contribution to IRC and 
MB reports 

e Meeting objectives in 
Strategic Liaison plan 


e Quarterly 


e Progress against plan 
reviewed 
Aug 2015 
Dec 2015 
Apr 2016 


10 Ministry of Justice 
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No How we will achieve this Measures Due dates 
5.9 Hosting the 2015 Spring Conference of European Successful conference May 2015 
Data Protection Authorities on the theme of “Data held with the ICO’s 
Protection in Practice” and with the title “Navigating | international study and 
the Digital Future — lets get practical” influence enhanced 
5.10 | Working for greater consistency and coordination in |e Participation in annual |e Ongoing 
the investigation and enforcement of global DP international 
issues. enforcement event 
e Sentinel information e June 2015 
sharing website 
established 
e Involvement in the e Ongoing 
introduction of the 
GPEN alert tool 
e Participation in global e As soon as notices of 
cross border intent to participate 
enforcement co- are invited 
operation arrangement 
5.11 | In light of the speed and impact of technological e Review complete e September 2015 
developments, reviewing how well placed we are to |e Outputs from e Half yearly report to 
respond to these and considering how we might Emerging Technologies IRC 
better assess and address technological risk and and Applications PAAG 
build technological capacity into all aspects of our 
information rights work. 
5.12 | Implementing a research strategy addressing the Research projects to Timescales set for each 


information rights agenda. 


deliver on time to budget 


research project 
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No How we will achieve this Measures Due dates 
5.13 | Ensuring that data sharing develops in a way that e Engagement with e Ongoing - dependent 
respects information rights without DP being seen as those developing on opportunities and 
a barrier to proportionate and beneficial data significant data sharing timetables of others 
sharing. plans, and with any 
plans for legislation 
e Meeting objectives in e Progress against plan 
Strategic Liaison plan reviewed 
Aug 2015 
Dec 2015 
Apr 2016 
5.14 | Continue to press government to commence Liaison with the MOJ and | Ongoing 


legislation to scrap the “fine only” regime for the 
unlawful trade in personal information and to allow 
courts to consider penalties such as community 
service orders or prison in the most serious of cases, 
as the key measure needed to build confidence in 
digital developments. 


other relevant 
departments 


24 


ICO plan 2015-2018 


6. An efficient ICO well prepared for the future 


No How we will achieve this Measures Due dates 
6.1 Preparing for substantial change involving: Review developments and | Ongoing 
e implementing a new EU DP legal framework take appropriate steps 
e developments in FOI/EIR legislation and case law 
e responding to the results of the Triennial Review 
e additional statutory responsibilities (eg MiData, 
and DRIPA). 
6.2 Working with the MOJ to define future funding Aiming for proposals that | Dec 2015 
arrangements that ensure the long-term stability of | meet ICO aims 
the ICO’s financial model and which take into 
account implementation of the new DP regulation 
6.3 Improving efficiency particularly in Corporate Planning and budgeting March 2016 
Support functions, purchasing and third party for 2015/16 and beyond March 2017 
contracts. March 2018 
6.4 Delivering a range of strategic IT and digital projects | See IT project schedules | Completed within agreed 
aimed at increasing the effectiveness of our case timescales and 
management and records management systems and standards 
increase operational efficiency. 
6.5 Building on current training and development so we | Evaluation of learning & March 2016 
can add value and deliver business outputs. development activity March 2017 
March 2018 
6.6 Engaging with staff to ensure input into and Engagement measures in | March 2016 
understanding of the ICO’s corporate evolution and staff surveys March 2017 
the need to respond to change with agility. March 2018 
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No How we will achieve this Measures Due dates 

6.7 Embedding diversity and our values so that they are |e No of joint diversity March 2016 
an everyday part of how we work and of our decision focused initiatives with | March 2017 
making. other bodies March 2018 


e No of advisory 
business outputs from 
the E&D!! Committee 

e No of E&D focused 
training days 

e No of E&D concerns 
identified and 
considered in the 
procurement process 

e Evaluation of 
departmental E&D 
activity 

e Staff survey and 
performance 
development reviews 

e No of information 
rights concerns 
identified and referred 
for further action 


11 Equality and Diversity 
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No How we will achieve this Measures Due dates 
6.8 Reviewing and improving our compliance with 
information rights legislation: 
e Maintaining performance in responding to 95% of requests within March 2016 
increased numbers of information requests. statutory deadlines March 2017 
be ene canter O E March 2018 
e Identifying and acting upon opportunities to Analysis of requests and March 2016 
proactively disclose information. increased proactive March 2017 
ee | disclosure | March 2028 
e Continuing to embed good information handling Monitoring the results of March 2016 
behaviours across the ICO. our refreshed awareness 
programme 
6.9 Having regard to the Regulators’ Code when e Review ICO practice e Dec 2015 
developing policies and operational procedures that against the Code 
guide the ICO’s regulatory activities. e Required actions taken |e In accordance with 
the agreed plan 
6.10 | Contributing to Government targets on Per head year on year Report on performance 
sustainability. reduction in greenhouse in Annual Reports 
gas emissions 
6.11 | Examining ways of using the flexibility we have to Approach agreed with March 2016 
charge for certain services to allow the ICO to MOJ 
provide services which aid compliance but which 
might not otherwise be affordable. 
6.12 | Working with the MOJ to consider changes to our Research undertaken and | June 2015 


notification fee structure focusing charges more on 
those organisations that represent the bigger 
information rights risk. 


proposal prepared 


27 


ICO plan 2015-2018 


No How we will achieve this Measures Due dates 
6.13 | Developing and finalising new IT service delivery and | Proposals prepared June 2015 
digital strategies. 
6.14 | Developing a people strategy by October 2015: e Strategy developed e Oct 2015 
e reviewing the competitiveness of pay and e Review completed e Oct 2015 
grading e Staff engagement e Sep 2016 
e recruitment and retention survey 
e developing people for senior roles e Turnover figures e Quarterly 
e better ways of working e Exit interview results e Ongoing 
6.15 Managing the orderly changeover of senior New senior leadership in Ongoing to 2017 


leadership including the arrival of a new 
Commissioner in June 2016. 


post. 
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Our values 
We will support delivery of our corporate plan by living our values. We are: 


e Committed 
We care about upholding information rights. 


e Team workers 
We work together as one ICO team, sharing information and expertise. 


e Focused 
We give priority to activities that make the biggest contribution to achieving our mission. 


e Effective 
We work to produce high quality and timely outcomes. 


e A model of best practice 
We do not ask others to do what we are not prepared to do ourselves. 


e Alert 
We are alert to the views and needs of our stakeholders and to the potential impact of new developments. 


e Fair 
We treat everybody we deal with fairly and with integrity and respect. We are inclusive in our approach. 


e Always learning 
We are always learning and developing professionally. 
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